An Effective Data Breach Agreement Will Shield Your Company From Economic Loss From Federal and State Entities

Cell phones have become more than just a means of sending and
receiving calls and messages; for most, they have evolved into a lifeline of daily
activities. Many companies, such as Uber, are capitalizing on this notion, and
tracking their consumers’ every move through the use of mobile devices. An
uphill battle has begun with top tech companies on one hand and both federal
and state regulators on the other to blur the “God view” feature that many tech
companies use to track their consumers. Take Uber for instance, a
self-sufficient, high tech company that allows their workers to make their own
hours, all while providing immediate service to their consumers. But what about
the privacy rights of drivers and consumers? States are addressing this issue
under a variety of approaches. Take New York, for example, where Attorney
General Eric T. Schneiderman recently announced that Uber must encrypt riders’
GPS information and adopt authentication measures before any of their employees
can access rider’s sensitive personal information.

Uber’s “God View” feature is not only a breach of consumer’s
sensitive information, but it also exposes an Uber driver’s name and license plate
number. In September 2014, Uber’s data breach troubles were just beginning, as
over 50,000 license plate numbers and drivers’ names were compromised from a
data breach. Aside from the security requirements made by Attorney General Schneiderman,
Uber was also fined $20,000 for failing to provide timely notice to drivers
after the breach. Typically, the Federal Trade Commission (FTC) has regulated
data security practices, however, State Attorneys General have grown
increasingly adamant on protecting the digital privacy of consumers in their
States.

Attorney General Schneiderman has placed a larger emphasis
on enforcing privacy, and keeping consumers and employees alike protected from
any potential data breach, than most states. Nevertheless, all but three states have data breach
notification laws that mandate timely reporting of breaches and, in most cases,
for companies to implement safeguards that protect personal data.

Attorneys General in Maryland, California, Illinois,
Connecticut and New York have been designating units since at least 2012 that
are specifically directed to privacy and data security concerns by bringing
standalone actions against tech giants. In California, Comcast Corporation got
hit with a $33 million fine for their lack of data security; Google Inc. also saw
synchronizing efforts by over three-dozen Attorneys General to fine them for
data breaches. Since 2012, other states like Maryland, California, Illinois, and
Connecticut have begun to establish units specifically for privacy and data
security; they have made an increase in their enforcement footprint by bringing
both standalone actions, such as the California regulator’s $33 million fine
against Comcast.

The settlement between the State of New York and Uber will
serve as notice to Uber and other tech companies that they need to patch up the
holes in their regulatory systems, and take steps to encrypt the information of
all riders that purchase their services. So what can a tech company do to
protect itself and its online data from being subject to the harsh state
regulation? Implementing three basic features is a good start:

Eliminate The Problem Before A Data Breach Can Occur.
Prevention is key in ensuring that large issues like that compromise sensitive
consumer information. It is also important to make timely reports of any data
breach that may occur.

Do Damage Control. While it is your duty to protect your
company’s privacy, it is also just as important to report any suspicious online
activity in order to reduce the damage that may occur to a company’s data.

Seek Legal Advice. One of the most effective ways to
understand the changing legislation on privacy regulations is to reach out to
an attorney who is well versed in enhanced data security legislation.
Understanding the changes in privacy laws is key to protecting your company’s
assets from any potential compromise.

If your company has experienced a data breach, or you need assistance navigating the landscape of state privacy laws, please Contact Us
with any questions you might have.

About Us

Watson LLP is a United States based law firm practicing in the areas of intellectual property,
entertainment law, litigation, government investigations, and eDiscovery. The firm has offices in
Atlanta, Los Angeles, New York, and Orlando. For more information, please visit www.watsonllp.com.